55453f794fbc569bf4afdf593aa27ff863bf1e1c67c7ccb5eb7bf48f29ff0de4

Analysis

max time kernel
509s
max time network
512s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30-05-2024 09:46

Target

uninst.exe.nsis
Size

2.2MB
MD5

cffa0d5e57c4dfb318c75df221a2a0d8
SHA1

753e6952ee9022316b0ef34e8e9cb8ae930a8501
SHA256

964e23a72da9c5f2ad32fb6e31517e7bb5ceab4b2e7ea711d98362aecec306e0
SHA512

c4ec1acf8702ddf02fc8c4925e2fc46788419ee3d22f2039d17e5003e3532b322879b9334134ac592bee12281d0d87a0aa17311d2b6e74413f0d519f2225604d
SSDEEP

49152:MQEtu40mQVZEbhqqFXF5SxgH/FQBFKedvOVFCgeT6QXkS:Wr0mQVOjfSxgHtQBFZdG/Cgem9S

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2184	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\uninst.exe.nsis
1⤵
- Modifies registry class
PID:4400

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact